Vulnerabilities > Backintime Project

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-08	CVE-2017-16667	OS Command Injection vulnerability in Backintime Project Backintime backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. network backintime-project CWE-78 critical	9.3
2017-04-06	CVE-2017-7572	Race Condition vulnerability in Backintime Project Backintime The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). network backintime-project CWE-362 critical	9.3

Vulnerabilities > Backintime Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Backintime Project"}]}